PDB path: D:\project\ChatHallEx\bin\ChatHallEx.pdb
Static task: static1
Behavioral task: behavioral1 (sample: 2024-08-24_f4296e0a8426853ade124609d71f9803_mafia.exe; resource: win7-20240704-en)
Behavioral task: behavioral2 (sample: 2024-08-24_f4296e0a8426853ade124609d71f9803_mafia.exe; resource: win10v2004-20240802-en)
General
Target: 2024-08-24_f4296e0a8426853ade124609d71f9803_mafia
Size: 2.1MB
MD5: f4296e0a8426853ade124609d71f9803
SHA1: 3f4d400ff5e18579c95faf0d06cb7ac0e3458054
SHA256: 519b9f2f2b582530826675e2375babd1ca0f7b6a19c206450cf563c5b89b859b
SHA512: 7b8f2f8bc480731eac3f628ce45e28edd2698c735e78c5643aa6a15d41146a6924e7eddca26bb6de562f61ad260101f6443a3cc19e8833cae4ea95498521b7ba
SSDEEP: 49152:7xTpCV8eK8WJhbTWJSpDXMY0A8vDPa5Iv8tl0VI7e/gGfIp7YUECFWpyROM:R8V8eK8WJh2SZMY0A8vDPa5Iv8g/pfIT
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature. Resource: 2024-08-24_f4296e0a8426853ade124609d71f9803_mafia
Files
2024-08-24_f4296e0a8426853ade124609d71f9803_mafia.exe (windows:5, windows x86, arch:x86) 5d7bef3baeaf940d402b207d318759ba
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths: D:\project\ChatHallEx\bin\ChatHallEx.pdb
Imports
kernel32
EnumSystemLocalesA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetDriveTypeW
GetCurrentDirectoryW
FindFirstFileExA
GetDriveTypeA
IsValidLocale
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
VerSetConditionMask
VerifyVersionInfoA
SleepEx
WinExec
OpenProcess
OpenEventA
GetComputerNameA
CreateFileW
WriteConsoleW
SetEnvironmentVariableA
GetFileInformationByHandle
LCMapStringW
CompareStringW
GetStringTypeW
IsValidCodePage
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapCreate
IsProcessorFeaturePresent
GetLocaleInfoW
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
HeapQueryInformation
HeapSize
CreateThread
ExitThread
ExitProcess
HeapReAlloc
RaiseException
VirtualQuery
GetSystemInfo
VirtualAlloc
RtlUnwind
HeapAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapFree
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
FindResourceExW
VirtualProtect
SearchPathA
Sleep
GetProfileIntA
GetNumberFormatA
GetWindowsDirectoryA
GetTempPathA
SetErrorMode
GetTickCount
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
GetCurrentDirectoryA
GetACP
GetSystemDirectoryW
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
InitializeCriticalSection
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
CreateFileA
lstrcmpiA
FileTimeToSystemTime
GetThreadLocale
GetFullPathNameA
GetTempFileNameA
GetFileTime
GetFileAttributesA
GetUserDefaultLCID
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GetCurrentProcessId
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
LoadLibraryExA
GetModuleHandleW
InterlockedExchange
CopyFileA
GlobalSize
FormatMessageA
LocalFree
lstrlenW
MulDiv
FindResourceA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
GetModuleHandleA
WideCharToMultiByte
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryW
LoadLibraryA
ActivateActCtx
DeactivateActCtx
SetLastError
FreeLibrary
CompareStringA
GetModuleFileNameA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrcpyA
LocalAlloc
lstrcmpA
GetPrivateProfileIntA
MultiByteToWideChar
lstrlenA
lstrcmpW
GetCommandLineW
CloseHandle
GetLastError
CreateMutexA
WritePrivateProfileStringA
InterlockedIncrement
InterlockedDecrement
GetPrivateProfileStringA
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
user32
IntersectRect
SetRect
CopyAcceleratorTableA
SetRectEmpty
DestroyMenu
GetMenuItemInfoA
InflateRect
DrawStateA
ShowOwnedPopups
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowThreadProcessId
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetMessageA
TranslateMessage
GetActiveWindow
SetWindowContextHelpId
MapDialogRect
GetMenuStringA
InsertMenuA
RemoveMenu
IsWindowEnabled
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
ReleaseCapture
SetCursor
LoadCursorW
SetCapture
KillTimer
SetTimer
ClientToScreen
SetWindowRgn
FillRect
SystemParametersInfoA
IsRectEmpty
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
InvalidateRgn
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
IsMenu
NotifyWinEvent
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
SetMenuDefaultItem
GetMenuDefaultItem
UnregisterClassA
GetScrollRange
SetScrollPos
EnableWindow
LoadAcceleratorsW
RegisterClipboardFormatA
GetKeyNameTextA
TranslateAcceleratorA
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
ValidateRect
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
BringWindowToTop
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
DestroyIcon
LoadImageA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
CharNextA
CharUpperA
RealChildWindowFromPoint
GetSysColorBrush
LoadCursorA
CopyImage
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcA
GetMenu
CopyRect
GetWindow
GetDlgCtrlID
IsChild
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnumDisplayMonitors
SetLayeredWindowAttributes
WindowFromPoint
WaitMessage
DeleteMenu
GetNextDlgGroupItem
MessageBeep
GetPropA
LoadMenuW
MessageBoxA
LoadIconW
GetSystemMenu
AppendMenuA
SendMessageA
GetWindowLongA
SetWindowLongA
GetClientRect
UpdateWindow
GetWindowRect
OffsetRect
PostQuitMessage
IsIconic
GetWindowTextW
GetSystemMetrics
DrawIcon
InvalidateRect
TrackMouseEvent
PtInRect
CallNextHookEx
SetWindowsHookExA
PostMessageA
GetParent
UnhookWindowsHookEx
IsWindow
DrawTextW
IsWindowVisible
ShowWindow
GetCursorPos
SetWindowPos
CallWindowProcA
AdjustWindowRectEx
CheckMenuItem
EnableMenuItem
GetAsyncKeyState
IsZoomed
UnionRect
EnableScrollBar
UpdateLayeredWindow
MonitorFromWindow
MonitorFromPoint
GetMenuState
ModifyMenuA
GetFocus
LoadBitmapW
MapVirtualKeyA
SetParent
DestroyAcceleratorTable
SetClassLongA
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableA
SetCursorPos
LockWindowUpdate
GetWindowRgn
DestroyCursor
SubtractRect
MapVirtualKeyExA
IsCharLowerA
GetDoubleClickTime
GetUpdateRect
IsClipboardFormatAvailable
CreateMenu
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
PostThreadMessageA
CharUpperBuffA
CopyIcon
FrameRect
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetIconInfo
HideCaret
PeekMessageA
InvertRect
gdi32
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateFontIndirectA
GetTextExtentPoint32A
CreateCompatibleBitmap
CreateRectRgnIndirect
GetRgnBox
GetBkColor
GetTextColor
CreateDIBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
SetRectRgn
CombineRgn
PatBlt
CreateRoundRectRgn
CreatePolygonRgn
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExA
ExtFloodFill
SetPaletteEntries
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceA
SetPixelV
CreateRectRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
GetDeviceCaps
CreateDIBSection
SelectClipRgn
GetLayout
SetTextAlign
MoveToEx
Polyline
LineTo
BitBlt
DeleteObject
Ellipse
LPtoDP
DPtoLP
SelectObject
CreateCompatibleDC
CreateEllipticRgn
GetObjectA
SetBkColor
SetTextColor
CreateBitmap
GetMapMode
SetLayout
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
ClosePrinter
DocumentPropertiesA
advapi32
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptSetKeyParam
CryptImportKey
CryptAcquireContextA
RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptHashData
shell32
SHGetSpecialFolderPathA
ShellExecuteExA
CommandLineToArgvW
Shell_NotifyIconA
DragFinish
DragQueryFileA
SHGetFileInfoA
SHBrowseForFolderA
SHAppBarMessage
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetDesktopFolder
ShellExecuteA
comctl32
ImageList_GetIconSize
InitCommonControlsEx
shlwapi
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
StrChrA
PathFindExtensionA
PathFileExistsA
StrStrIA
ole32
CoDisconnectObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoCreateInstance
OleDraw
CoInitialize
CoUninitialize
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleIsCurrentClipboard
DoDragDrop
CoInitializeEx
CoRevokeClassObject
CoRegisterMessageFilter
CreateStreamOnHGlobal
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleGetClipboard
RegisterDragDrop
RevokeDragDrop
CoLockObjectExternal
OleFlushClipboard
oleaut32
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SysStringLen
SysAllocStringByteLen
SysFreeString
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayUnaccessData
VarBstrFromDate
OleCreateFontIndirect
LoadTypeLi
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
oledlg
ord8
gdiplus
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdiplusShutdown
GdiplusStartup
GdipSetInterpolationMode
GdipCreateFromHDC
GdipGetImagePalette
GdipDeleteGraphics
GdipDrawLineI
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipGraphicsClear
GdipDrawRectangleI
GdipDeletePen
GdipCreatePen1
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectI
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipGetImagePaletteSize
GdipCloneImage
GdipCloneBrush
GdipLoadImageFromFile
GdipFillRectangleI
GdipDrawImageI
GdipReleaseDC
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipSetStringFormatTrimming
winmm
mixerOpen
mixerClose
mixerGetLineInfoA
mixerGetID
mixerGetDevCapsA
mixerGetLineControlsA
mixerSetControlDetails
PlaySoundA
mixerGetNumDevs
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
imagehlp
MakeSureDirectoryPathExists
setupapi
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
psapi
GetModuleFileNameExA
d3d9
Direct3DCreate9
iphlpapi
GetAdaptersAddresses
uxtheme
DrawThemeParentBackground
ws2_32
WSAStartup
WSASetLastError
__WSAFDIsSet
WSAGetLastError
select
recv
send
WSAIoctl
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
WSACleanup
wldap32
ord46
ord41
ord27
ord211
ord301
ord33
ord200
ord79
ord35
ord32
ord30
ord26
ord50
ord60
ord143
ord22
Sections
.text Size: 1.5MB - Virtual size: 1.5MB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rdata Size: 339KB - Virtual size: 339KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.data Size: 27KB - Virtual size: 57KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.rsrc Size: 23KB - Virtual size: 22KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.reloc Size: 191KB - Virtual size: 191KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ)